Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot fails to update a package.json without a lock file #11373

Closed
1 task done
mshima opened this issue Jan 22, 2025 · 5 comments
Closed
1 task done

Dependabot fails to update a package.json without a lock file #11373

mshima opened this issue Jan 22, 2025 · 5 comments
Assignees
@kbukum1
Labels
L: javascript T: bug 🐞 Something isn't working

Comments

@mshima
Copy link

mshima commented Jan 22, 2025
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

npm

Package manager version

11

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/jhipster/generator-jhipster-nodejs/blob/7088b50ed53e223b97ac713ed8836bbb5b728814/generators/node-server/resources/package.json

dependabot.yml content

https://github.com/jhipster/generator-jhipster-nodejs/blob/7088b50ed53e223b97ac713ed8836bbb5b728814/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

PRs to be rebased jhipster/generator-jhipster-nodejs#662 (comment)

Native package manager behavior

Works correctly.

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
@mshima mshima added the T: bug 🐞 Something isn't working label Jan 22, 2025
@realityking realityking mentioned this issue Jan 23, 2025
Open
@ntkme ntkme mentioned this issue Jan 23, 2025
Closed
1 task
@ntkme
Copy link
Contributor

ntkme commented Jan 23, 2025

Facing the same issue.

@kbukum1 It failed to detect npm engine version even after adding {"engines": {"npm": ">7"}} to package.json. However, after adding package-lock.json suddenly was able to guess the npm engine version.

@ntkme
Copy link
Contributor

ntkme commented Jan 23, 2025
edited
Loading

Adding "packageManager": "[email protected]" to package.json works, while "engines": {"npm": ">7"} does not.

@kbukum1 It looks like a bug: #11392

@mshima
Copy link
Author

mshima commented Jan 23, 2025

Yes, I fixed by adding packageManager to package.json.
https://github.com/jhipster/generator-jhipster-nodejs/blob/0d592be3c47f8df9abd552580b8e4d0eb99330cd/generators/node-server/resources/package.json#L68

@bcomnes
Copy link

bcomnes commented Jan 26, 2025

This is a serious regression. What used to work for years suddenly does not.

@mshima mshima mentioned this issue Jan 27, 2025
Merged
6 tasks
@bcomnes bcomnes mentioned this issue Jan 27, 2025
Merged
5 tasks
jenshnielsen added a commit to jenshnielsen/Qcodes that referenced this issue Jan 29, 2025
@jenshnielsen
Work around dependabot error
bef6be4 
workaround for dependabot/dependabot-core#11373
@jenshnielsen jenshnielsen mentioned this issue Jan 29, 2025
Merged
@bcomnes bcomnes mentioned this issue Jan 29, 2025
Merged
5 tasks
@kbukum1
Copy link
Contributor

kbukum1 commented Jan 29, 2025

The issue has been fixed:

@kbukum1 kbukum1 closed this as completed Jan 29, 2025
@kbukum1 kbukum1 self-assigned this Jan 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kbukum1 kbukum1

Labels
L: javascript T: bug 🐞 Something isn't working
Projects
Dependabot
Status: Done
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bcomnes @ntkme @mshima @kbukum1